From: Conrad Meyer
Date: Fri, 17 Aug 2018 00:30:05 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject: svn commit: r337939 - in head/sys: conf modules/crypto opencrypto

Author: cem
Date: Fri Aug 17 00:30:04 2018
New Revision: 337939
URL: https://svnweb.freebsd.org/changeset/base/337939

Log:
  Add xform-conforming auth_hash wrapper for Poly-1305

  The wrapper is a thin shim around libsodium's Poly-1305 implementation. For
  now, we just use the C algorithm and do not attempt to build the
  SSE-optimized variant for x86 processors.

  The algorithm support has not yet been plumbed through cryptodev, or added
  to cryptosoft.

Added:
  head/sys/opencrypto/xform_poly1305.c (contents, props changed)
  head/sys/opencrypto/xform_poly1305.h (contents, props changed)
Modified:
  head/sys/conf/files
  head/sys/modules/crypto/Makefile
  head/sys/opencrypto/cryptodev.h
  head/sys/opencrypto/xform_auth.h

Modified: head/sys/conf/files ============================================================================== --- head/sys/conf/files Fri Aug 17 00:27:56 2018 (r337938) +++ head/sys/conf/files Fri Aug 17 00:30:04 2018 (r337939) 
@@ -4819,6 +4819,21 @@ opencrypto/gfmult.c optional crypto | ipsec | ipsec_s opencrypto/rmd160.c optional crypto | ipsec | ipsec_support opencrypto/skipjack.c optional crypto | ipsec | ipsec_support opencrypto/xform.c optional crypto | ipsec | ipsec_support +opencrypto/xform_poly1305.c optional crypto \ + compile-with "${NORMAL_C} -I$S/contrib/libsodium/src/libsodium/include -I$S/crypto/libsodium" +contrib/libsodium/src/libsodium/crypto_onetimeauth/poly1305/onetimeauth_poly1305.c \ + optional crypto \ + compile-with "${NORMAL_C} -I$S/contrib/libsodium/src/libsodium/include/sodium -I$S/crypto/libsodium" +contrib/libsodium/src/libsodium/crypto_onetimeauth/poly1305/donna/poly1305_donna.c \ + optional crypto \ + compile-with "${NORMAL_C} -I$S/contrib/libsodium/src/libsodium/include/sodium -I$S/crypto/libsodium" +contrib/libsodium/src/libsodium/crypto_verify/sodium/verify.c \ + optional crypto \ + compile-with "${NORMAL_C} -I$S/contrib/libsodium/src/libsodium/include/sodium -I$S/crypto/libsodium" +crypto/libsodium/randombytes.c optional crypto \ + compile-with "${NORMAL_C} -I$S/contrib/libsodium/src/libsodium/include -I$S/crypto/libsodium" +crypto/libsodium/utils.c optional crypto \ + compile-with "${NORMAL_C} -I$S/contrib/libsodium/src/libsodium/include -I$S/crypto/libsodium" rpc/auth_none.c optional krpc | nfslockd | nfscl | nfsd rpc/auth_unix.c optional krpc | nfslockd | nfscl | nfsd rpc/authunix_prot.c optional krpc | nfslockd | nfscl | nfsd Modified: head/sys/modules/crypto/Makefile ============================================================================== --- head/sys/modules/crypto/Makefile Fri Aug 17 00:27:56 2018 (r337938) +++ head/sys/modules/crypto/Makefile Fri Aug 17 00:30:04 2018 (r337939) @@ -1,5 +1,7 @@ # $FreeBSD$ +LIBSODIUM=${SRCTOP}/sys/contrib/libsodium/src/libsodium + .PATH: ${SRCTOP}/sys/opencrypto .PATH: ${SRCTOP}/sys/crypto .PATH: ${SRCTOP}/sys/crypto/blowfish 
@@ -12,6 +14,10 @@ .PATH: ${SRCTOP}/sys/crypto/blake2 .PATH: ${SRCTOP}/sys/crypto/chacha20 .PATH: ${SRCTOP}/sys/contrib/libb2 +.PATH: ${LIBSODIUM}/crypto_onetimeauth/poly1305 +.PATH: ${LIBSODIUM}/crypto_onetimeauth/poly1305/donna +.PATH: ${LIBSODIUM}/crypto_verify/sodium +.PATH: ${SRCTOP}/sys/crypto/libsodium KMOD = crypto SRCS = crypto.c cryptodev_if.c @@ -44,6 +50,22 @@ CWARNFLAGS.blake2b-ref.c += -Wno-cast-qual -Wno-unused CWARNFLAGS.blake2s-ref.c += -Wno-cast-qual -Wno-unused-function SRCS += chacha.c SRCS += chacha-sw.c + +LIBSODIUM_INC=${LIBSODIUM}/include +LIBSODIUM_COMPAT=${SRCTOP}/sys/crypto/libsodium +SRCS += xform_poly1305.c +CFLAGS.xform_poly1305.c += -I${LIBSODIUM_INC} -I${LIBSODIUM_COMPAT} +SRCS += onetimeauth_poly1305.c +CFLAGS.onetimeauth_poly1305.c += -I${LIBSODIUM_INC}/sodium -I${LIBSODIUM_COMPAT} +SRCS += poly1305_donna.c +CFLAGS.poly1305_donna.c += -I${LIBSODIUM_INC}/sodium -I${LIBSODIUM_COMPAT} +SRCS += verify.c +CFLAGS.verify.c += -I${LIBSODIUM_INC}/sodium -I${LIBSODIUM_COMPAT} +SRCS += randombytes.c +CFLAGS.randombytes.c += -I${LIBSODIUM_INC} -I${LIBSODIUM_COMPAT} +SRCS += utils.c +CFLAGS.utils.c += -I${LIBSODIUM_INC} -I${LIBSODIUM_COMPAT} + SRCS += opt_param.h cryptodev_if.h bus_if.h device_if.h SRCS += opt_ddb.h Modified: head/sys/opencrypto/cryptodev.h ============================================================================== --- head/sys/opencrypto/cryptodev.h Fri Aug 17 00:27:56 2018 (r337938) +++ head/sys/opencrypto/cryptodev.h Fri Aug 17 00:30:04 2018 (r337939) @@ -85,6 +85,7 @@ #define MD5_KPDK_HASH_LEN 16 #define SHA1_KPDK_HASH_LEN 20 #define AES_GMAC_HASH_LEN 16 +#define POLY1305_HASH_LEN 16 /* Maximum hash algorithm result length */ #define HASH_MAX_LEN SHA2_512_HASH_LEN /* Keep this updated */ @@ -107,6 +108,8 @@ #define AES_192_GMAC_KEY_LEN 24 #define AES_256_GMAC_KEY_LEN 32 +#define POLY1305_KEY_LEN 32 + /* Encryption algorithm block sizes */ #define NULL_BLOCK_LEN 4 /* IPsec to maintain alignment */ #define DES_BLOCK_LEN 8 
@@ -195,7 +198,8 @@ #define CRYPTO_SHA2_256 35 #define CRYPTO_SHA2_384 36 #define CRYPTO_SHA2_512 37 -#define CRYPTO_ALGORITHM_MAX 37 /* Keep updated - see below */ +#define CRYPTO_POLY1305 38 +#define CRYPTO_ALGORITHM_MAX 38 /* Keep updated - see below */ #define CRYPTO_ALGO_VALID(x) ((x) >= CRYPTO_ALGORITHM_MIN && \ (x) <= CRYPTO_ALGORITHM_MAX) Modified: head/sys/opencrypto/xform_auth.h ============================================================================== --- head/sys/opencrypto/xform_auth.h Fri Aug 17 00:27:56 2018 (r337938) +++ head/sys/opencrypto/xform_auth.h Fri Aug 17 00:30:04 2018 (r337939) @@ -83,6 +83,7 @@ extern struct auth_hash auth_hash_nist_gmac_aes_192; extern struct auth_hash auth_hash_nist_gmac_aes_256; extern struct auth_hash auth_hash_blake2b; extern struct auth_hash auth_hash_blake2s; +extern struct auth_hash auth_hash_poly1305; union authctx { MD5_CTX md5ctx; Added: head/sys/opencrypto/xform_poly1305.c ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/sys/opencrypto/xform_poly1305.c Fri Aug 17 00:30:04 2018 (r337939) 
@@ -0,0 +1,91 @@ +/* This file is in the public domain. */ + +#include +__FBSDID("$FreeBSD$"); + +#include +#include + +#include + +struct poly1305_xform_ctx { + struct crypto_onetimeauth_poly1305_state state; +}; +CTASSERT(sizeof(union authctx) >= sizeof(struct poly1305_xform_ctx)); + +CTASSERT(POLY1305_KEY_LEN == crypto_onetimeauth_poly1305_KEYBYTES); +CTASSERT(POLY1305_HASH_LEN == crypto_onetimeauth_poly1305_BYTES); + +void +Poly1305_Init(struct poly1305_xform_ctx *polyctx) +{ + /* Nop */ +} + +void +Poly1305_Setkey(struct poly1305_xform_ctx *polyctx, + const uint8_t key[__min_size(POLY1305_KEY_LEN)], size_t klen) +{ + int rc; + + if (klen != POLY1305_KEY_LEN) + panic("%s: Bogus keylen: %u bytes", __func__, (unsigned)klen); + + rc = crypto_onetimeauth_poly1305_init(&polyctx->state, key); + if (rc != 0) + panic("%s: Invariant violated: %d", __func__, rc); +} + +static void +xform_Poly1305_Setkey(void *ctx, const uint8_t *key, uint16_t klen) +{ + Poly1305_Setkey(ctx, key, klen); +} + +int +Poly1305_Update(struct poly1305_xform_ctx *polyctx, const void *data, + size_t len) +{ + int rc; + + rc = crypto_onetimeauth_poly1305_update(&polyctx->state, data, len); + if (rc != 0) + panic("%s: Invariant violated: %d", __func__, rc); + return (0); +} + +static int +xform_Poly1305_Update(void *ctx, const uint8_t *data, uint16_t len) +{ + return (Poly1305_Update(ctx, data, len)); +} + +void +Poly1305_Final(uint8_t digest[__min_size(POLY1305_HASH_LEN)], + struct poly1305_xform_ctx *polyctx) +{ + int rc; + + rc = crypto_onetimeauth_poly1305_final(&polyctx->state, digest); + if (rc != 0) + panic("%s: Invariant violated: %d", __func__, rc); +} + +static void +xform_Poly1305_Final(uint8_t *digest, void *ctx) +{ + Poly1305_Final(digest, ctx); +} + +struct auth_hash auth_hash_poly1305 = { + .type = CRYPTO_POLY1305, + .name = "Poly-1305", + .keysize = POLY1305_KEY_LEN, + .hashsize = POLY1305_HASH_LEN, + .ctxsize = sizeof(struct poly1305_xform_ctx), + .blocksize = 
crypto_onetimeauth_poly1305_BYTES, + .Init = (void *)Poly1305_Init, + .Setkey = xform_Poly1305_Setkey, + .Update = xform_Poly1305_Update, + .Final = xform_Poly1305_Final, +}; Added: head/sys/opencrypto/xform_poly1305.h ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/sys/opencrypto/xform_poly1305.h Fri Aug 17 00:30:04 2018 (r337939) @@ -0,0 +1,16 @@ +/* This file is in the public domain. */ +/* $FreeBSD$ */ +#pragma once + +#include + +struct poly1305_xform_ctx; + +void Poly1305_Init(struct poly1305_xform_ctx *); + +void Poly1305_Setkey(struct poly1305_xform_ctx *, + const uint8_t [__min_size(32)], size_t); + +int Poly1305_Update(struct poly1305_xform_ctx *, const void *, size_t); + +void Poly1305_Final(uint8_t [__min_size(16)], struct poly1305_xform_ctx *);
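Review bot: In the sys/conf/files hunk, the six new entries are gated on "optional crypto" only, while the neighbouring opencrypto/rmd160.c, skipjack.c and xform.c lines use "optional crypto | ipsec | ipsec_support". If anything built under the wider condition ever references auth_hash_poly1305, a kernel configured with ipsec but without crypto will fail to link, so either use the same condition as xform.c or state in the log why the narrower one is intended. The two -I option strings are also repeated verbatim on every entry, which makes them easy to get out of step with LIBSODIUM_INC and LIBSODIUM_COMPAT in the module Makefile.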
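Review bot: In the modules/crypto/Makefile hunk that adds the SRCS lines, verify.c, randombytes.c and utils.c are pulled into the crypto module without a comment, although xform_poly1305.c only calls crypto_onetimeauth_poly1305_init, crypto_onetimeauth_poly1305_update and crypto_onetimeauth_poly1305_final. A one-line comment naming what requires each file would help the next person who touches this list. Because these sources are found through .PATH by base name and the names are generic, it is also worth confirming that no other directory already on the .PATH list carries a verify.c, randombytes.c or utils.c.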
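Review bot: In the cryptodev.h hunk that raises CRYPTO_ALGORITHM_MAX to 38, CRYPTO_ALGO_VALID() starts accepting CRYPTO_POLY1305 even though the log says the algorithm is not yet plumbed through cryptodev or added to cryptosoft. Please check that every path relying on CRYPTO_ALGO_VALID() alone still rejects 38 cleanly until something implements it. The "Keep updated - see below" comment also implies that something further down depends on this maximum; it is not part of the diff, so say in the log whether it needed a matching change.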
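Review bot: In xform_poly1305.c, Poly1305_Setkey() panics when klen != POLY1305_KEY_LEN, and xform_Poly1305_Setkey() passes the caller's uint16_t klen straight through to it. Once this xform becomes reachable from cryptodev, a consumer supplying a wrong key length would panic the kernel, so the length should be rejected with an error where the session is set up, leaving at most a KASSERT here. Separately, ".Init = (void *)Poly1305_Init" hides the function type from the compiler while Setkey, Update and Final each get a typed static wrapper; a static xform_Poly1305_Init(void *ctx) would keep all four consistent. Since Init is a no-op and the state is only initialised in Setkey, a comment stating that Setkey must be called again before each message would document the one-time-key contract for callers.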
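Review bot: In xform_poly1305.h, the prototypes for Poly1305_Setkey() and Poly1305_Final() use the literals __min_size(32) and __min_size(16), while the definitions in xform_poly1305.c use POLY1305_KEY_LEN and POLY1305_HASH_LEN. Nothing ties the literals to those macros, so a later change to either constant would leave the declaration and the definition disagreeing silently; use the named constants in the header, or add a comment next to the literals pointing at the macros in cryptodev.h.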